alexei-led/fixing-code
dist/codex/plugins/dev-workflow/skills/fixing-code/SKILL.md
Fix code problems with disciplined diagnosis — run checks, build a repro for bugs, rank falsifiable hypotheses, fix one issue at a time, and verify until clean. Use when fixing, debugging, diagnosing, or resolving lint/test/build failures.
$ install --global
skillsauthnpx skillsauth add alexei-led/claude-code-config fixing-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 3:43 AM224.4s1 file scanned
SKILL.md
- description:
- Fix code problems with disciplined diagnosis — run checks, build a repro
- name:
- fixing-code
Fix and Diagnose Code
Fix until clean. For hard bugs, diagnose before editing. No guessing. Confirm before any destructive command; never use git reset --hard, git clean, or force push as a fix.
Role-gated action
Detect your capability from your tools, not from prose:
- Write-capable role (engineer): run all steps — diagnose, apply the fix, run verification.
- Read-only role (reviewer): run Steps 1–3 to diagnose (a reviewer has no Bash — work from the files in scope and caller-supplied error/diff context, skipping any command), then stop before Step 4. Instead of editing, emit the fix in the Proposed Changes contract below. Apply nothing; run nothing.
Language detection
Detect the language from the file extensions in scope and use the matching toolchain in Step 1 (build/test/lint commands shown per language). This skill has no per-language reference files — operate from the generic procedure; the language only selects which verification commands to run.
Step 1: Build a feedback loop
For lint/build/test failures, run validation first:
make lint 2>&1 | head -150
make test 2>&1 | head -150
No Makefile? Detect language:
# Go
golangci-lint run ./... 2>&1 | head -150
go test -race ./... 2>&1 | head -150
# Python
ruff check . 2>&1 | head -150
pytest --tb=short 2>&1 | head -150
# TypeScript
bun lint 2>&1 | head -150
bun test 2>&1 | head -150
If all checks pass, report All checks pass and stop.
For reported bugs, first build a fast pass/fail signal that reproduces the user's symptom:
- Failing test at the right seam.
- CLI or HTTP script with fixture input.
- Browser script for UI bugs.
- Replay captured payload/log/trace.
- Throwaway harness around the smallest real code path.
- Property/fuzz loop for intermittent wrong output.
git bisect runharness for regressions.
Do not proceed to fixes until the loop reproduces the symptom. If no loop is possible, stop and ask for access, logs, captured payloads, or permission to add temporary instrumentation.
Step 2: Analyze root causes
Catalog every distinct issue:
- file:line
- exact error/test failure
- tool that reported it
- priority: critical / important / minor
For hard bugs, write 3–5 ranked falsifiable hypotheses before testing one:
If <cause> is true, then <probe/change> will make <specific symptom> disappear or change.
Read files and tool output. Do not guess at code content.
Step 3: Instrument carefully
Probe one hypothesis at a time.
- Prefer debugger/REPL inspection when available.
- Otherwise add targeted logs at boundaries that distinguish hypotheses.
- Tag temporary logs with a unique prefix like
[DEBUG-a4f2]. - For performance regressions: measure baseline first, then bisect/profile.
Step 4: Fix one issue at a time
For each issue, in priority order:
- Read the exact code path.
- Apply the smallest root-cause fix.
- Add or update a regression test at the correct seam when possible.
- Run the narrow check.
- Run broader lint/test before moving on.
If the only available test seam is too shallow, report that. Do not write fake-confidence tests against helpers while the real bug path stays uncovered.
If a fix causes new failures, revert or adjust it before touching the next issue.
Step 5: Final verification and cleanup
Required before done:
- Original repro no longer reproduces.
- Regression test passes, or missing test seam is explicitly reported.
- Full validation passes.
- All
[DEBUG-...]probes are removed. - Throwaway harnesses are deleted or moved into test fixtures.
Run:
make lint && make test
Or language equivalents. Loop back to root-cause analysis if anything still fails.
Output format
Engineer (applied the fix):
FIX COMPLETE
============
Mode: standard | diagnose
Issues found: X
Fixed: Y
Remaining: Z
Status: CLEAN | NEEDS ATTENTION
Root cause:
- <short verified cause>
Changes:
- file:line — fix
Verification:
- <command> — pass/fail
If unresolved, state the blocker and exact artifact/access needed. Do not pretend clean.
Reviewer (diagnosed only — emit the fix as a proposal, apply nothing):
## Proposed Changes
Root cause:
- <short verified cause>
### Change 1: <brief description>
File: `path/to/file`
Action: CREATE | MODIFY | DELETE
Code:
<complete code block, in the file's language>
Rationale: <why this change>
For MODIFY, include enough surrounding context (signatures, nearby lines) to locate the change precisely. For large fixes, show one representative change and describe the pattern rather than every file.
Related Skills
alexei-led/writing-shell
tools
VerifiedTrustedCommunity
Idiomatic shell development for POSIX sh, Bash, Zsh, Fish, hooks, CI shell steps, and scriptable CLI glue. Use when writing or changing `.sh`, `.bash`, `.zsh`, `.fish`, `.bats`, shell functions, shell pipelines, or command-runner recipes. Emphasizes portability, quoting, safe filesystem/process handling, non-TUI CLI tools, ShellCheck, shfmt, Bats, and ShellSpec. NOT for Python, TypeScript, Go, web code, or infrastructure operations.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/spec-flow
tools
VerifiedTrustedCommunity
Use when planning, executing, checkpointing, finishing, or inspecting lightweight spec-driven work. Runs one task at a time using `.spec/` markdown files and the bundled `specctl` helper. NOT for broad product discovery beyond a short requirement interview.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/operating-infra
testing
VerifiedTrustedCommunity
Author, inspect, troubleshoot, and review infrastructure across IaC, Kubernetes, cloud resources, containers, CI/CD, and Linux hosts. Use when changing Terraform/OpenTofu, Kubernetes, Helm, Kustomize, Dockerfiles, GitHub Actions, AWS, GCP, Cloud Run, BigQuery, IAM, logs, instances, or service health. NOT for deploy/apply/rollback workflows (see deploying-infra). NOT for shell scripts or generic command pipelines (see writing-shell).
33SKILL.mdUpdated Jun 5, 2026
alexei-led/configuring-git-hygiene
development
VerifiedTrustedCommunity
Configure safe git workflow hygiene: pre-commit/pre-push hooks, Gitleaks secret scanning, .gitignore rules, local git config, and guardrails. Use when setting up git hooks, gitleaks/git leaks, staged pre-commit checks, pre-push validation, core.hooksPath, .gitignore, or git config best practices. NOT for creating commits (use committing-code), cleaning branches/worktrees (use cleanup-git), or creating worktrees (use using-git-worktrees).
33SKILL.mdUpdated Jun 5, 2026